CVE-2021-26264 - OpenCVE

A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Emerson	Deltav Workstation Deltav Distributed Control System

Configuration 1 [-]

OR	cpe:2.3:a:emerson:deltav_workstation:-:::::::*
	cpe:2.3:o:emerson:deltav_distributed_control_system:-:::::::*

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2021-12-21T00:00:00

Updated: 2022-01-28T19:09:49

Reserved: 2021-12-16T00:00:00

Link: CVE-2021-26264

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-28T20:15:10.927

Modified: 2022-02-02T20:28:47.330

Link: CVE-2021-26264

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson."}], "datePublic": "2021-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-28T19:09:49", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"}], "source": {"advisory": "ICSA-21-355-04", "discovery": "UNKNOWN"}, "title": "Emerson DeltaV Missing Authentication for Critical Function", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-12-21T15:34:00.000Z", "ID": "CVE-2021-26264", "STATE": "PUBLIC", "TITLE": "Emerson DeltaV Missing Authentication for Critical Function"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Sharon Brizinov of Claroty reported these vulnerabilities to Emerson."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"}]}, "solution": [{"lang": "en"}], "source": {"advisory": "ICSA-21-355-04", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-26264", "datePublished": "2021-12-21T00:00:00", "dateReserved": "2021-12-16T00:00:00", "dateUpdated": "2022-01-28T19:09:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emerson:deltav_workstation:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FADADAE-1109-4062-957A-1B4B33711B96", "vulnerable": true}, {"criteria": "cpe:2.3:o:emerson:deltav_distributed_control_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "583D1427-EEE6-4656-B7B8-4B874B46EED7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A specially crafted script could cause the DeltaV Distributed Control System Controllers (All Versions) to restart and cause a denial-of-service condition."}, {"lang": "es", "value": "Un script especialmente dise\u00f1ado podr\u00eda hacer que DeltaV Distributed Control System Controllers (todas las versiones) se reinicien y causar una condici\u00f3n de denegaci\u00f3n de servicio"}], "id": "CVE-2021-26264", "lastModified": "2022-02-02T20:28:47.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2022-01-28T20:15:10.927", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}